Tag Archive for: Responsible

Russian GRU unit Solntsepek responsible for Kyivstar hack, says Ukrainian intelligence


Kyivstar, SBU cyber experts, government agencies and IT companies continue to restore network

The Solntsepek hacking group, which has claimed responsibility for hacking Kyivstar’s mobile network, is part of the Russian military intelligence agency the GRU, the Ukrainian Security Service (SBU) reported on Telegram on Dec. 13.

“We attacked Kyivstar because the company provides communications for the Ukrainian Armed Forces, as well as the government and law enforcement agencies of Ukraine,” Solntsepek claimed on one of its social media channels.

In its message, the group claimed it had destroyed 10,000 computers, more than 4 thousand servers, and all cloud storage and backup systems belonging to Ukraine’s largest mobile operator.

Kyivstar, SBU cyber experts, other government agencies, and IT companies are continuing to restore the network after the attack, which left 24 million subscribers without a mobile connection.

Preliminary estimates suggest that landline internet may be restored today, the SBU said.

The SBU has opened a criminal investigation into the cyber-attack on Kyivstar.

Ukraine’s largest mobile operator Kyivstar experienced a major outage on the morning of Dec. 12, bringing the network down across the entire country. More than 12 hours later, company engineers are still unable to bring it back online.

Initially attributing the disruption to a technical glitch, Kyivstar later confirmed the outage was the result of a hacker attack.

The Ministry of Digital Transformation subsequently stated that the malfunction had disrupted national roaming services but had not affected the national air raid alert system or the Kyiv metro.

“Kyivstar will definitely provide compensation to subscribers who were unable to use the operator’s services or had no connection,” the company stated. Kyivstar also apologized to subscribers for the temporary inconvenience and thanked them for their understanding.

Restoration efforts for Kyivstar subscribers are underway…

‘It’s a pretty big issue for the city’: Ransomware attack responsible for Toronto Public Library outage



Library branches remain open as scheduled but its website, public computers, printing services, digital collections and MAP passes are still unavailable.

Hacker responsible for 2020 Twitter breach sentenced to prison


Three years after one of the most visible hacks in recent history played out in real-time in front of millions of Twitter users, one of the hackers responsible for the breach will now serve time in federal prison.

Joseph James O’Connor, 24, was sentenced Friday in a New York federal court to five years in prison after pleading guilty in May to four counts of computer hacking, wire fraud and cyberstalking. O’Connor also agreed to forfeit at least $794,000 to the victims of his crimes.

O’Connor, a U.K. citizen, was extradited from Spain at the request of U.S. prosecutors earlier this year and has remained in custody since.

In the hearing, Judge Jed S. Rakoff said O’Connor will likely serve about half of his sentence after spending more than two years in pre-trial custody.

O’Connor faced a maximum of 77 years in prison, according to Reuters. Justice Department prosecutors called for O’Connor to serve at least seven years in prison.

In court, O’Connor said his crimes were “stupid and pointless,” apologized to his victims, and asked the judge for leniency.

According to prosecutors, O’Connor “used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim.”

The government said O’Connor, known by his online handle PlugWalkJoe, was part of a group that broke into dozens of high-profile Twitter accounts, including Apple, Binance, Bill Gates, Joe Biden and Elon Musk, to spread cryptocurrency get-rich-quick scams in July 2020.

O’Connor used phone-based social engineering techniques to trick Twitter employees into granting the group of hackers access to Twitter’s network. One of the other hackers convicted of the Twitter breach, Graham Ivan Clark, also known as Kirk, used the access to Twitter’s network to abuse an internal admin tool to hijack and reassign Twitter user accounts.

A screenshot of the Twitter admin panel that the hackers breached in order to reassign access to Twitter user accounts. Image Credits: TechCrunch…

Vehere Takes the Lead With Tracking Its First-ever Zero-day Vulnerability and Subsequent Responsible Disclosure


SAN FRANCISCO, May 30, 2023--(BUSINESS WIRE)--Vehere’s research wing, Dawn Treader, has announced its recent discovery of a zero-day vulnerability, marking a significant achievement for the cyber network intelligence organization. This is the first time Vehere has made such a discovery, showcasing the efficiency and capability of the research team. The identification of this vulnerability is a major milestone for the organization, and demonstrates their commitment to staying at the forefront of the ever-evolving cybersecurity landscape.

The vulnerability, identified through fuzzing, is a heap buffer overflow in MagickCore/quantum-import.c that affects ImageMagick version 7.1.1-6. It allows an attacker to use a crafted file to trigger an out-of-bounds read, resulting in an application crash and denial of service. The vulnerability was responsibly disclosed to ImageMagick, which promptly released a patch addressing the issue by ensuring proper memory allocation. Red Hat has released an advisory to warn users about this vulnerability, assigning it a CVSS score of 5.5 and a CVE ID of CVE-2023-2157.

Read Dawn Treader’s exclusive blog post and discover further details about this zero-day vulnerability:
https://vehere.com/threat-severity-high/breaking-down-the-imagemagick-cve-2023-2157-vulnerability-dawn-treaders-findings/

Speaking on this impactful discovery, Vehere’s co-founder Praveen Jaiswal said, “Vehere’s successful identification and ethical disclosure of the vulnerability highlight our commitment to proactively identify and address potential threats. We are extremely proud that we are one of the few Indian companies to identify a zero-day vulnerability, and it serves as a testament to the expertise and dedication of our research team, Dawn Treader.”

Vehere is a revolutionary cybersecurity company that is boldly merging the realms of national security and enterprise security through a single, powerful platform. With a strong global presence and unparalleled expertise in cyber network intelligence, Vehere is radically changing the way organizations and governments protect themselves from cyber threats. Established in 2006, Vehere is a global corporation with offices in San…
